Intrusion Prevention

Apache.Struts.XSS

Description

This indicates attack attempts against multiple persistent cross-site scripting vulnerabilities in the Apache Struts framework.
The vulnerabilities are caused by the vulnerable application failing to sanitise user-supplied input. Successful attacks may allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application.

Affected Products

Apache Struts 2.2.3 and prior.

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

Recommended Actions

Upgrade to the latest version, available from the web site.
http://struts.apache.org/download.cgi

CVE References

CVE-2012-1006